package com.juzipi.demo.realm;


import com.auth0.jwt.interfaces.DecodedJWT;
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
import com.juzipi.demo.pojo.User;
import com.juzipi.demo.service.UserService;
import com.juzipi.demo.shiro.JWTToken;
import com.juzipi.demo.utils.JWTUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.LinkedHashSet;

//自定义realm

@Component
public class CustomerRealm extends AuthorizingRealm {


    @Autowired
    private UserService userService;


    //使用自己实现的token
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }


    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("======================");
        System.out.println("执行了授权");
        System.out.println("======================");
        //获取到登陆的用户名
        String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();
        //根据用户名查询用户信息
        User user = userService.checkUser(primaryPrincipal);
        //登陆的用户的角色信息
        String role = user.getRole();
        //登陆的用户的权限信息
        String permission = user.getPermission();
        System.out.println("查询到了当前用户的角色信息: "+role);
        System.out.println("查询到了当前用户的权限信息: "+permission);
        LinkedHashSet<String> setRole = new LinkedHashSet<>();
        setRole.add(role);
        LinkedHashSet<String> setPermission = new LinkedHashSet<>();
        setPermission.add(permission);
        //设置查到用户的已有权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setRoles(setRole);
        simpleAuthorizationInfo.setStringPermissions(setPermission);

        if (role == null || permission == null){
            //给用户添加权限
            simpleAuthorizationInfo.addRole("user");
            simpleAuthorizationInfo.addStringPermission("normal");
            System.out.println("添加了普通权限");
        }

        return simpleAuthorizationInfo;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

        System.out.println("======================");
        System.out.println("      执行了认证");
        System.out.println("======================");
        //获取token
        String token = (String) authenticationToken.getCredentials();
        //获取身份信息
        String principal = (String) authenticationToken.getPrincipal();
        //验证token
        DecodedJWT verify = JWTUtils.verify(token);
        if (StringUtils.checkValNull(verify)){
            throw new RuntimeException("验证token失败");
        }
        //通过token里的荷载获取 用户名
        //啊 注意这里是 asString 不是 toString
        String username = verify.getClaim("username").asString();
        if (org.apache.commons.lang3.StringUtils.isBlank(username)){
            throw new AuthenticationException("用户名为空");
        }
        //获取到用户信息
        User user = userService.checkUser(username);
        if (StringUtils.checkValNull(user)){
            throw new RuntimeException("用户不存在");
        }
        //判断用户是否可用
        Integer ban = user.getBan();
        if (ban == 1){
            throw new RuntimeException("用户不可用");
        }
        //用户名,密码，realm名字
        return new SimpleAuthenticationInfo(username,token,getName());

    }
}
